A Novel Seed Generation Approach for Vulnerability Mining Based on Generative Adversarial Networks and Attention Mechanisms
-
Published:2024-03-01
Issue:5
Volume:12
Page:745
-
ISSN:2227-7390
-
Container-title:Mathematics
-
language:en
-
Short-container-title:Mathematics
Author:
Du Chunlai1, Xu Guizhi1, Guo Yanhui2ORCID, Wang Zhongru13, Yu Weiqiang4
Affiliation:
1. School of Information Science and Technology, North China University of Technology, Beijing 100144, China 2. Department of Computer Science, University of Illinois Springfield, Springfield, IL 62703, USA 3. Chinese Academy of Cyberspace Studies, Beijing 100048, China 4. Beijing DigApis Technology Co., Ltd., Beijing 100081, China
Abstract
Coverage-guided fuzzing has been widely applied in software error and security vulnerability detection. The fuzzing technique based on AFL (American Fuzzy Loop) is a common coverage-guided fuzzing method. The code coverage during AFL fuzzing is highly dependent on the quality of the initial seeds. If the selected seeds’ quality is poor, the AFL may not be able to detect program paths in a targeted manner, resulting in wasted time and computational resources. To solve the problems that the seed selection strategy in traditional AFL fuzzing cannot quickly and effectively generate high-quality seed sets and the mutated test cases cannot reach deeper paths and trigger security vulnerabilities, this paper proposes an attention mechanism-based generative adversarial network (GAN) seed generation approach for vulnerability mining, which can learn the characteristics and distribution of high-quality test samples during the testing process and generate high-quality seeds for fuzzing. The proposed method improves the GAN by introducing fully connected neural networks to balance the competitive adversarial process between discriminators and generators and incorporating attention mechanisms, greatly improving the quality of generated seeds. Our experimental results show that the seeds generated by the proposed method have significant improvements in coverage, triggering unique crashes and other indicators and improving the efficiency of AFL fuzzing.
Funder
National Natural Science Foundation of China National Key Research and Development Plan of China
Reference20 articles.
1. Manes, V.J.M., Han, H.S., Han, C., Sang, K.C., and Woo, M. (2018). Fuzzing: Art, Science, and Engineering. arXiv. 2. Rebert, A., Cha, S.K., AVGERINOS, T., and Brumley, D. (2014, January 20–22). Optimizing seed selection for fuzzing. Proceedings of the 23rd USENIX Security Symposium (USENIX Security 14), San Diego, CA, USA. 3. Wang, J., Chen, B., Lei, W., and Yang, L. (2017, January 22–26). Skyfire: Data-driven seed generation for fuzzing. Proceedings of the 32nd IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA. 4. Vudenc: Vulnerability detection with deep learning on a natural codebase for python;Wartschinski;Inf. Softw. Technol.,2022 5. Zhang, L., Wang, J., and Wang, W. (2022). A novel smart contract vulnerability detection method based on information graph and ensemble learning. Sensors, 22.
|
|